FBI Chief Seeks Private-sector Help to Meet Cyber Threat

The U.S. government’s top cop said Thursday that businesses and the government need to work together to stop hacking attacks.

“The private sector is the essential partner if we are to succeed in defeating the cyber threat,” Robert Mueller, director of the Federal Bureau of Investigation, said to a room full of attendees at the RSA security conference in San Francisco.

Many factors have combined to prevent this from happening much in the past. Mueller cited fear among businesses that reporting a hacking attack would subject them to lawsuits or somehow cause their intellectual property to become public. The government, meanwhile, can’t reveal information deemed classified.

Mueller said the government is trying to remove these hurdles, but added that it’s still a work in progress.

Stopping cyber crime will require close cooperation between government and the private sector, so coming up with ways for the two groups to better collaborate is critical, he said.

Mueller also said cyber-security terminology has “run amok” and that the amount of jargon used in the industry creates a communication barrier that is now a real obstacle to getting things done.

“Who among you knows the meaning of all of the following: NCCIC…NTOC…ISMA…ASIS…BACSS…not to mention our own NCIJTF? I could go on and on,” Mueller said.

He added that while the FBI tries to prevent attacks, it’s also important for the government to find and punish hackers. As an example, he cited the case of a hacker known as Sabu, who was part of the hacker group LulzSec. The FBI identified Sabu and then pressured him into cooperating with the investigation, which led to other arrests, Mueller said.

Also on Thursday, Michael Daniel, the White House cyber security coordinator, said that businesses need to be prepared to deal with digital threats on their own. He stressed that the overwhelming majority of cyber attacks aren’t the sort of sophisticated exploits worthy of a Hollywood movie, such as a scheme to stop traffic in 14 cities at once. Instead, they tend to be more mundane, like attacks aimed at knocking a website offline by overwhelming it with visits.

Daniel said that organizations needed to have a plan for these sorts of attacks. He also said that they should participate in a group where they can exchange threat information with peers, have adequate network defenses in place and test themselves.

While the government is still trying to determine exactly how it will best work with the private sector to combat cyber threats, Daniel said an apt analogy is the weather: The government provides forecasts but it’s up to individuals and local organizations to figure out how to respond to a storm. The federal government only acts when local and state officials are overwhelmed by the scale of a disaster.

Any federal response will be “cautious and incremental,” he said, adding that “the federal government is not going to ride in on a white horse to respond to every incident.”